-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.14 Backports 2023-08-28 #27739
v1.14 Backports 2023-08-28 #27739
Conversation
[ upstream commit 87518a3 ] Currently dnsProxy.dnsRejectResponseCode helm value is ignored because FQDNRejectResponseCode is not populated from viper Signed-off-by: Andrii Iuspin <yuspin@gmail.com> Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
[ upstream commit dcef00d ] Signed-off-by: weizhou.lan@daocloud.io <weizhou.lan@daocloud.io> Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
[ upstream commit 6217d01 ] Add a note under limitations to the needed kernel commit for getting nfs working, and reference to the GH issue, so that the discussion is easier to find. Once we get this into stable releases, we can update this bullet with more info. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
[ upstream commit c45dbb9 ] This change will re-trigger the auth mechanism if a signal got send but the entry was already in cache. It adds a 1 second backoff time to allow for the backend map to finish updating, which is why it was added in the first place. Signed-off-by: Maartje Eyskens <maartje@eyskens.me> Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com> Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My PR looks good, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My commit looks good. Thanks!
/test-backport-1.14 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM for my PR
[ upstream commit e9e43fe ] This commit changes workflow's name fields to make them more human readable by adding spaces. Also some of the names was changed to be more consistent with each other Signed-off-by: Birol Bilgin <birol@cilium.io> Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
[ upstream commit 0481d5f ] Signed-off-by: Richard Tweed <RichardoC@users.noreply.github.com>
[ upstream commit 6fa9708 ] While the digests are unset and disabled in the main branch, they are set to the values corresponding to the latest patch release for stable branches. Hence, let's explicitly disable them when pushing the development helm chart. Signed-off-by: Marco Iorio <marco.iorio@isovalent.com> Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
[ upstream commit e46ade2 ] This check was designed to inform users of CCNP that the behaviour changed around the timeframe of v1.9. However, the actual check is complaining about policy that is valid. At this point there is no need to warn users during preflight checks that they are using empty endpoint selectors in CCNPs, because this can validly be used to select all Pods within the cluster. Remove the check. Signed-off-by: sh2 <shawnhxh@outlook.com> Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
9616059
to
6eb185d
Compare
/test-backport-1.14 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have made small changes to my commit.
Since some of the workflow names changed, Required Worflows needs to be changed after this is merged. The list of changes is below.
-name: ConformanceAKS (ci-aks)
+name: Conformance AKS (ci-aks)
--
-name: ClusterMesh (ci-multicluster)
+name: Conformance Cluster Mesh (ci-clustermesh)
--
-name: Cilium Conformance E2E (ci-e2e)
+name: Conformance E2E (ci-e2e)
--
-name: ConformanceEKS (ci-eks)
+name: Conformance EKS (ci-eks)
--
-name: External workloads (ci-external-workloads)
+name: Conformance External Workloads (ci-external-workloads)
--
-name: ConformanceGatewayAPI
+name: Conformance Gateway API
--
-name: Conformance ginkgo (ci-ginkgo)
+name: Conformance Ginkgo (ci-ginkgo)
--
-name: ConformanceGKE (ci-gke)
+name: Conformance GKE (ci-gke)
--
-name: ConformanceIngress
+name: Conformance Ingress
--
-name: K8sUpstreamNetConformance
+name: Conformance K8s Upstream Network
--
-name: ConformanceK8sKind
+name: Conformance K8s Kind
--
-name: Cyclonus network policy test
+name: Cyclonus Network Policy Test
--
-name: ConformanceKindEnvoyDaemonSet
+name: Conformance Kind Envoy DaemonSet
--
-name: ConformanceMultiPoolIPAM
+name: Conformance Multi Pool IPAM
--
-name: Cilium Runtime
+name: Conformance Runtime
--
-name: Container vulnerability scan
+name: Container Vulnerability Scan
--
-name: IntegrationTests
+name: Integration Tests
--
-name: BPF checks
+name: BPF Checks
--
-name: build-commits
+name: Build Commits
--
-name: codeql
+name: CodeQL
--
-name: Go-related checks
+name: Go Related Checks
--
-name: GitHub Workflow-related checks
+name: GitHub Workflow Related Checks
--
-name: Smoke test
+name: Smoke Test
Also, Branch protection rules need to be adjusted.
To Remove
build datapath
coccicheck
conformance-test
conformance-test-ipv6
generate-api
generate-k8s-api
go-mod
lint
precheck
preflight-clusterrole
To Add
BPF Checks / Build Datapath
BPF Checks / Run coccicheck
Smoke Test / Installation and Conformance Test
Smoke Test with IPv6 / Installation and Conformance Test
Go Related Checks / Generate API
Go Related Checks / Generate k8s API
Go Related Checks / Check Go Modules
Go Related Checks / Lint Source Code
Go Related Checks / Precheck
Smoke Test / Preflight Clusterrole Check
LGTM for my PR |
/test-backport-1.14 |
newAuthManager
(ipCache
->nodeIDHandler
) and unexportedAuthManager
type)build-images-docs-builder.yaml
,close-stale-issues.yaml
,ci-images-cache-cleaner.yaml
,ci-images-garbage-collect.yaml
,conformance-ipsec-e2e.yaml
andlint-codeowners.yaml
)Once this PR is merged, you can update the PR labels via:
or with